Closed Bug 1695386 Opened 4 years ago Closed 4 years ago

Clean up BailoutKind::TooManyArgs

Categories

(Core :: JavaScript Engine: JIT, task, P3)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
90 Branch
Tracking Flags:
Tracking Status
firefox90 --- fixed

People

(Reporter: iain, Assigned: paklovpavel, Mentored, NeedInfo)

Details

(Keywords: good-first-bug)

Attachments

(2 files)

Bug 1695386 - Clean up BailoutKind::TooManyArgs. r=iain
48 bytes, text/x-phabricator-request
Details | Review
Bug 1695386 - Clean up BailoutKind::TooManyArgs UPDATE r?iain
48 bytes, text/x-phabricator-request
Details | Review

Note: this bug is currently reserved for Outreachy applicants for the Spring/Summer 2021 cycle. If it has not been completed by the end of the application cycle, we will open it up.

Background

Warp, our optimizing compiler, speculatively optimizes functions based on the behaviour we have seen so far. If something changes, we may have to bail out. When we do so, we want to ensure that we don't make the same incorrect speculation again. To track this information, we give every MIR instruction that might bail out a BailoutKind, which tells us what to do if a bailout happens. (For more information, see this SMDOC comment.)

This Bug

To avoid allocating too much stack memory at once, we put a limit on the maximum number of arguments that can be pushed by a spread call (foo(...array)) or FunApply (foo.apply({}, array) in jitcode. If a function is called with too many arguments, we will bail out and call into C++ code to handle the call.

In some cases (like foo(...array)) we can hit this bailout without speculating. If this happens, to avoid getting stuck in endless bailout loops, we will disable Warp compilation for this function. This uses BailoutKind::TooManyArguments. Currently, we set that bailout kind for MIR instructions in their constructors. (Relevant searchfox results)

This is too pessimistic for FunApply. If we bail out because the array of arguments is too big, we can just not optimize the FunApply in CacheIR (see here), and we'll generate a regular call to the native FunApply function.

Instructions generated in WarpCachIRTranspiler.cpp don't need BailoutKind::TooManyArguments, because the BailoutKind::TranspiledCacheIR they are assigned here is good enough. Instead of setting BailoutKind::TooManyArguments in the constructor, we should call setBailoutKind on the relevant instructions when they are generated in WarpBuilder.cpp.

When you're done, you should be able to run the test suite (./mach jit-test) without any failures. (You will want to build SpiderMonkey with --enable-optimize while running the tests.)

Prerequisites

Before getting started, you'll want to ensure:

Getting help

Leave comments on this bug for questions, or ask in #spidermonkey on chat.mozilla.org.

I can fix that but i need some guide

pavel: Are you still working on this bug?

Flags: needinfo?(paklovpavel)
Assignee: nobody → bukky.akinnadeju17
Status: NEW → ASSIGNED
Assignee: bukky.akinnadeju17 → paklovpavel

Is anyone still working on this

(In reply to mehaboob shariff from comment #4)

Is anyone still working on this

yep, i am

Attachment #9221771 - Attachment description: Bug 1695386 - Clean up BailoutKind::TooManyArgs. r?iain → Bug 1695386 - Clean up BailoutKind::TooManyArgs UPDATE r?iain
Pushed by iireland@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9e1110b7f728 Clean up BailoutKind::TooManyArgs UPDATE r=iain

https://hg.mozilla.org/mozilla-central/rev/9e1110b7f728

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox90: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: